IN THE CLAIMS 

This listing of the claims will replace all prior versions and listings of claims in
the present application.
Listing of Claims 

1. (currently amended) A security system design supporting method for
supporting designing of security requirements or security specifications
based on an international security evaluation criteria during
planning/designing of an information-related product or an information system,
said method comprising the steps of:

providing a template case database for storing internationally registered
protection profiles (PP) or PP/STs (security targets), that have been generated in the
past and not internationally registered, in a class-tree structure based on a relation
between types of products or systems as a
target of evaluation (TOE) of said PP/STs;

specifying the PP/STs related to the TOE by designating
elements included in the products or systems, type and evaluation assurance level of
the TOE and retrieving a relevant tree structure from said database; and

automatically generating a PP/ST draft of the TOE by integrally editing the
contents of a definition of the specified PP/STs.

2. (currently amended) A security system design supporting method
comprising the steps of:

providing a partial case database for storing a security environment including
assumptions, threats and organizational policies corresponding to the
elements of the product or system accumulated by the PP/ST-applied cases,
security objectives corresponding to the security environment, CC requirements
corresponding to the security objectives, and information of a summary
specification corresponding to the CC requirements;

automatically mapping from said database to corresponding information
by designating the elements included in the product or system, the
security environment, the security objectives and the security requirements of the
TOE; and

automatically generating a portion of contents of definition of the PP/ST 
associated with the TOE based on the corresponding information thus mapped. 

3. (currently amended) A security system design supporting method
comprising the steps of:

automatically generating a PP/ST draft by a first security system design
supporting method, which comprises the steps of:

providing a template case database for storing internationally registered 
protection profiles (PP) or PP/STs (security targets), that have been generated in the 
past and not internationally registered, in a class-tree structure based on a relation 
between types of products or systems as a target of evaluation (TOE) of said 
PP/STs,

specifying the PP/STs related to the TOE by designating elements included in
the products or systems, type and evaluation assurance level of the TOE and 
retrieving a relevant tree from said database, and 

automatically generating a PP/ST draft of the TOE by integrally editing 
contents of a definition of said specified PP/STs; 

partially adding or correcting the PP/ST by a second security system
design supporting method, which comprises the steps of:

providing a partial case database for storing a security environment including 
assumptions, threats and organizational policies corresponding to elements of the
products or systems accumulated by the PP/ST-applied cases, security objectives
corresponding to the security environment, CC requirements corresponding to the
security objectives, and information of a summary specification corresponding to the
CC requirements,

automatically mapping from said database to corresponding information by
designating the elements included in the products or systems, the security
environment, the security objectives and the security requirements of the TOE, and

automatically generating a portion of contents of a definition of the PP/ST 
associated with the TOE based on the corresponding information thus mapped. 

4. (currently amended) A security system design supporting method
according to Claim 1, further comprising the steps of:

indicating the PP/STs stored in the template case database as icons by which
the elements, type and the evaluation assurance level can be identified;

specifying the PP/STs related to the TOE from the related
tree based on reference PP/ST cases of the relations between the
PP/STs expressed in a tree; and

producing a structure diagram of the TOE using the icons of said specified 
PP/STs as constituting elements. 

5. (currently amended) A security system design supporting method
according to Claim 2, further comprising the steps of:

storing data concerning probability of occurrence of each threat and the
loss amount affected by the threat and cost of protection of each security
objective collectively in the partial case database;

producing a formula of a combinatorial optimization problem by designating
constraints of a risk acceptance, a cost limit value, a ratio of residual risk to
protection cost and objective functions for cost minimization or protection risk
maximization with respect to a relation between risk of each threat (the
probability of occurrence multiplied by affected loss amount) and the cost of
protection of the corresponding security objectives; and

determining cost-effective optimal security objectives by solving said 
combinatorial optimization problem. 

6. (currently amended) A security system design supporting method
according to Claim 2, further comprising the step of:

verifying whether requirements of automatically generated contents of
definition match dependency or hierarchy relation between functional
requirements and assurance requirements of the reference specifications based
on the dependency and/or hierarchy relation of the reference specifications.

7. (currently amended) A security system design supporting method
according to Claim 1, further comprising the steps of:

automatically generating a rationale matrix indicating in a matrix table each
correspondence between security environments, security objectives, the
security requirements and summary specification as a part of contents of the
PP/ST definition from a security environment, the security objectives, the security
requirements and the summary specification or the correspondence between them;
and

verifying presence or absence of definition information lacking the
correspondence using a rationale matrix generated.

8. (currently amended) A security system design supporting method
according to Claim 2, further comprising the steps of:

automatically generating a rationale matrix indicating in a matrix table each
correspondence between security environments, security objectives, the
security requirements and summary specification as a part of contents of the
PP/ST definition from the security environment, the security objectives, the security
requirements and the summary specification or the correspondence between them;
and

verifying the presence or absence of definition information lacking the
correspondence using said rationale matrix generated. 

9. (currently amended) A security system design supporting method
according to Claim 3, further comprising the steps of:

automatically generating a rationale matrix indicating in a matrix table each
having a correspondence between security environments, security
objectives, security requirements and summary specification as a part of the
contents of the PP/ST definition from the security environments, the
security objectives, the security requirements and the summary specification or the
correspondence between them; and

verifying presence or absence of definition information lacking the
correspondence using said rationale matrix generated. 
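
The rationale-matrix check recited in claims 7 to 9, as an added Python example that is not part of the application: it builds one matrix per adjacent layer of a PP/ST definition and reports items that lack a correspondence. All item names and correspondences are constructed sample data, and the layer layout is an assumption.

```python
# Constructed sample PP/ST definition (illustrative names, not from the application).
ENVIRONMENT = ["T.SPOOF", "T.TAMPER", "A.PHYSICAL"]   # threats and assumptions
OBJECTIVES = ["O.AUTH", "O.INTEGRITY", "O.AUDIT"]
REQUIREMENTS = ["FIA_UAU.2", "FDP_SDI.2", "FAU_GEN.1"]
SPECIFICATION = ["SF.LOGIN", "SF.CHECKSUM"]           # summary specification

# One layer per adjacent pair: (row items, column items, recorded correspondences).
LAYERS = {
    "environment -> objectives": (ENVIRONMENT, OBJECTIVES, {
        ("T.SPOOF", "O.AUTH"), ("T.TAMPER", "O.INTEGRITY")}),
    "objectives -> requirements": (OBJECTIVES, REQUIREMENTS, {
        ("O.AUTH", "FIA_UAU.2"), ("O.INTEGRITY", "FDP_SDI.2"),
        ("O.AUDIT", "FAU_GEN.1")}),
    "requirements -> specification": (REQUIREMENTS, SPECIFICATION, {
        ("FIA_UAU.2", "SF.LOGIN"), ("FDP_SDI.2", "SF.CHECKSUM")}),
}

def build_matrix(rows, cols, pairs):
    """Return the rationale matrix as {row: {col: bool}}; reject dangling links."""
    unknown = [p for p in pairs if p[0] not in rows or p[1] not in cols]
    if unknown:
        raise ValueError(f"correspondence names an undefined item: {sorted(unknown)}")
    return {r: {c: (r, c) in pairs for c in cols} for r in rows}

def find_gaps(matrix, cols):
    """Rows without a mark are uncovered; columns without a mark have no rationale."""
    uncovered = [r for r, cells in matrix.items() if not any(cells.values())]
    unjustified = [c for c in cols if not any(cells[c] for cells in matrix.values())]
    return uncovered, unjustified

def verify(layers):
    """Return only the layers that contain definition information lacking a link."""
    report = {}
    for name, (rows, cols, pairs) in layers.items():
        uncovered, unjustified = find_gaps(build_matrix(rows, cols, pairs), cols)
        if uncovered or unjustified:
            report[name] = {"uncovered": uncovered, "unjustified": unjustified}
    return report

def render(matrix, cols):
    """Format one matrix as a plain-text table with X for each correspondence."""
    width = max(len(x) for x in list(matrix) + list(cols)) + 2
    lines = ["".ljust(width) + "".join(c.ljust(width) for c in cols)]
    for row, cells in matrix.items():
        marks = "".join(("X" if cells[c] else ".").ljust(width) for c in cols)
        lines.append(row.ljust(width) + marks)
    return "\n".join(lines)

if __name__ == "__main__":
    for name, (rows, cols, pairs) in LAYERS.items():
        print(name, render(build_matrix(rows, cols, pairs), cols), sep="\n")
    print(verify(LAYERS))
```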

10. (currently amended) A security system design supporting method
according to Claim 1, further comprising the steps of:

storing information newly added in a process of PP/ST generation and
a result of PP/ST generation in accordance with the relation and
correspondence in the template case database and the partial case database; and

improving and expanding information stored in the case database.

11. (currently amended) A security system design supporting method
according to Claim 2, further comprising the steps of:

storing information newly added in a process of PP/ST generation and
a result of PP/ST generation in accordance with the relation and
correspondence in the template case database and the partial case database; and 

improving and expanding the information stored in the case database. 

12. (currently amended) A security system design supporting method
according to Claim 3, further comprising the steps of:

storing information newly added in a process of PP/ST generation and
a result of PP/ST generation in accordance with the relation and
correspondence in the template case database and the partial case database; and 

improving and expanding the information stored in the case database. 

13. (original) A security system design supporting method according to
Claim 1: 

wherein the generated PP/ST can be evaluated in a PP/ST evaluation check 
list in the form of questions based on an international security evaluation method. 

14. (original) A security system design supporting method according to 
Claim 2: 

wherein the generated PP/ST can be evaluated in a PP/ST evaluation check 
list in the form of questions based on an international security evaluation method.

15. (original) A security system design supporting method according to
Claim 3: 

wherein the generated PP/ST can be evaluated in a PP/ST evaluation check 
list in the form of questions based on an international security evaluation method. 

Claim 16 (canceled). 

17. (currently amended) A security design supporting method for supporting
the design of security requirements or security specifications based on
international evaluation criteria during planning and/or designing of a
TOE, using a database including a template case database structured in a class tree
of internationally registered PPs (protection profiles) or PP/STs (security targets) not
internationally registered, based on a relation between types of
products or systems as a TOE of said PP/STs, said method
comprising the steps of:

specifying by designating elements included in the products or
systems, type and assurance level of the TOE and retrieving the tree of the
PP/STs related to the TOE from said database;

automatically generating a PP/ST draft of the TOE by integrally editing the
contents of definition of the specified PP/STs; and

expanding said case database by storing information newly added in a
process of PP/ST generation or a result of PP/ST generation in accordance
with the relation of a template case database or a partial case database.

18. (currently amended) A security system design supporting method
executed using a case database for storing a security environment including
assumptions, threats and organizational policies corresponding to
elements of a product or a system accumulated by PP/ST-applied cases,
security objectives corresponding to security environment, CC requirements
corresponding to the security objectives, and information on a summary specification
corresponding to the CC requirements, said method comprising the steps of:

storing data concerning a probability of occurrence of each threat and
a loss amount affected by the threat together with protection cost data of each
security objective in said case database;

expressing in a formula a combinatorial optimization problem by designating
constraints including risk acceptance, cost limit value, ratio of a residual risk
to a protection cost and objective functions for protection risk maximization or cost
minimization with respect to relation between the risk of each threat and the
protection cost of corresponding security objectives, the risk being expressed as
a product of a probability of occurrence and affected loss amount; and

determining a cost-effective optimal security objective by solving said 
combinatorial optimization problem.

19. (currently amended) A computer readable recording medium for storing
program code means for executing the design support of security requirements
or security specifications based on international security evaluation criteria in the
stage of planning or designing a TOE using a database including a template case
database class-tree structure based on a relation between
types of TOE of said PP/STs for storing internationally registered PPs
(protection profiles) or PP/STs produced in the past and not internationally
registered, wherein said program code means includes:

program means for retrieving said tree and specifying the PP/STs related to
the TOE by designating elements included in a product or system, type
and assurance level of said TOE;

program means for automatically generating a PP/ST draft of the TOE by
integrally editing contents of the definition of the PP/STs specified; and

program means for expanding the case database by storing information newly
added in a PP/ST generation process or a result of PP/ST generation in
accordance with the relation of the template case database or the partial
case database.

20. (currently amended) A computer readable recording medium for storing
program code means for executing the supporting of design of a security system
using a case database for storing a security environment including assumptions,
threats and organizational policies corresponding to information of
elements of a product and/or a system as a target of evaluation
(TOE) accumulated by the PP/ST construction cases, security objectives
corresponding to a security environment, security requirements corresponding to
the security objectives, and an implementation scheme corresponding to the security
requirements, wherein said program code means includes:

program means for storing a probability of occurrence of each threat and
an affected loss amount data together with cost of protection data of each
security objective in said case database;

program means for expressing in a formula a combinatorial optimization
problem by designating constraints including a risk acceptance, cost limit value, the
ratio of a residual risk to cost of protection and an objective function for cost
minimization or maximization of protection risk with respect to the relation
between a risk of each threat and the cost of protection of the corresponding
security objectives, the risk being expressed as a product of probability of
occurrence and affected loss amount; and

program means for determining cost-effective optimal security objectives by 
solving said combinatorial optimization problem. 
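
The selection of cost-effective security objectives recited in claims 5, 18 and 20, as an added Python example that is not part of the application: risk is the probability of occurrence multiplied by the loss amount, and objective subsets are searched exhaustively under a cost limit, a risk acceptance and a residual-risk-to-cost ratio. The figures, names, solver and the rule that a selected objective removes the whole risk of the threats it counters are assumptions.

```python
from itertools import combinations

# Constructed sample data, not taken from the application.
# threat -> (probability of occurrence per year, affected loss amount)
THREATS = {
    "T.SPOOF": (0.30, 200_000), "T.TAMPER": (0.10, 500_000),
    "T.LEAK": (0.05, 1_000_000), "T.DOS": (0.50, 20_000),
}
# security objective -> (cost of protection, threats it counters)
OBJECTIVES = {
    "O.AUTH": (30_000, {"T.SPOOF"}),
    "O.INTEGRITY": (25_000, {"T.TAMPER"}),
    "O.ENCRYPT": (40_000, {"T.TAMPER", "T.LEAK"}),
    "O.RATE_LIMIT": (20_000, {"T.DOS"}),
}

def risk(threat):
    """Risk of a threat = probability of occurrence x affected loss amount."""
    probability, loss = THREATS[threat]
    return round(probability * loss)

def evaluate(selection):
    """Return (cost, protected risk, residual risk) for a set of objectives."""
    cost = sum(OBJECTIVES[o][0] for o in selection)
    # Assumption: a selected objective removes the whole risk of its threats.
    countered = set().union(*(OBJECTIVES[o][1] for o in selection))
    protected = sum(risk(t) for t in countered)
    residual = sum(risk(t) for t in THREATS) - protected
    return cost, protected, residual

def solve(goal, cost_limit=None, risk_acceptance=None, max_ratio=None):
    """Search all objective subsets; goal is 'min_cost' or 'max_protection'."""
    best, best_key = None, None
    names = sorted(OBJECTIVES)
    for size in range(len(names) + 1):
        for selection in combinations(names, size):
            cost, protected, residual = evaluate(selection)
            if cost_limit is not None and cost > cost_limit:
                continue
            if risk_acceptance is not None and residual > risk_acceptance:
                continue
            # Ratio of residual risk to protection cost (undefined at cost 0).
            if max_ratio is not None and (cost == 0 or residual / cost > max_ratio):
                continue
            key = (cost, -protected) if goal == "min_cost" else (-protected, cost)
            if best_key is None or key < best_key:
                best_key = key
                best = {"objectives": list(selection), "cost": cost,
                        "protected_risk": protected, "residual_risk": residual}
    return best  # None when no subset satisfies the constraints

if __name__ == "__main__":
    print(solve("min_cost", risk_acceptance=60_000))
    print(solve("max_protection", cost_limit=75_000))
```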

21. (currently amended) A computer readable program stored on a medium
and implementing a security system design supporting method for supporting the
designing of security requirements and/or security specifications based on an
international security evaluation criteria in the stage of planning/designing of an
information-related product or an information system, comprising the steps of:

providing a template case database for storing internationally registered
protection profiles (PP) or PP/STs (security targets) generated in the past and not
internationally registered, in a class-tree structure based on a relation
between types of products or systems as a target of
evaluation (TOE) of said PP/STs;

specifying the PP/STs related to the TOE by designating constituting 
elements, type and evaluation assurance level of the TOE and retrieving a relevant 
from said database; and 

automatically generating a PP/ST draft of the TOE by integrally editing the 
contents of the definition of said specified PP/STs. 

22. (new) A security design supporting method for creating a security 
specification of an information system or a product, comprising the steps of: 

providing a database in which security specifications relating to an information 
system or an information product are previously registered in a class-tree structure 
based on an inheritance relation between constituent elements, types of product or 
certification levels; 

when creating a security specification of an objective information system or a 
product as an object to be designed, sending relevant constituent elements or 
relevant security specifications of a product from said database using objective 
constituent elements, product type and acquired certification level as a search key; 
and

when a plurality of specifications are searched, integrally editing the searched
plurality of specifications into one specification according to a format of prescribed 
contents in respect to descriptions of the searched specifications to thereby 
automatically generate a specification draft of the objective information system or 
product. 